About UsSocket helps devs and security teams ship faster by cutting out security busywork. Thousands of orgs use Socket to safely find, audit, and manage open source code. Our customers - from Anthropic to xAI, and Figma to Vercel - love Socket (just check out their tweets to see for yourself!)Founded by Feross Aboukhadijeh, a long-time open source maintainer with software downloaded over a billion times a month, Socket has raised $125M in funding from top angels, operators, and security leaders.About the RoleJoin Socket to build and scale our patching infrastructure that delivers secure, vetted packages to developers worldwide. You’ll be at the forefront of supply chain security, creating patches for critical vulnerabilities and building the systems that help the entire open source ecosystem stay secure. This role combines deep technical work with meaningful community impact that benefits the entire ecosystem. As an early member of the Socket team, you’ll help shape how we scale this technology across the JavaScript ecosystem and beyond.What You'll DoMaster Socket workflows, tools, and patching processesLead patching efforts for high-impact vulnerabilities across npm packagesScale patch production to dozens or hundreds of patches per weekHelp select and prioritize high-value patchesProvide technical input on patch prioritization based on ecosystem and customer impactBuild and improve automated patching infrastructure and toolingDesign and implement scalable patch generation and delivery systemsDevelop automated vulnerability detection and patch creation workflowsBuild APIs and integrations to deliver certified packagesCreate tooling for patch quality assurance and testingWork with security researchers to understand and patch critical vulnerabilitiesHelp shape the technical roadmap for expansionGive developers quick, safe remediation options for widely-used packagesHelp secure the software supply chain for millions of developersWhat You'll BringRequired:3+ years of software engineering experience with production systemsStrong proficiency in Node.js, JavaScript, and TypeScriptExperience with package managers (npm, yarn, pnpm) and the JavaScript ecosystemUnderstanding of software security concepts and vulnerability managementExperience building and scaling APIs and data processing pipelinesFamiliarity with automated testing, CI/CD, and deployment systemsPreferred:Experience with security tooling, vulnerability scanning, or patch managementKnowledge of software supply chain security challengesExperience with other package ecosystems (Python, Go, Rust, etc.)Open source contributions or package maintenance experienceBackground in DevSecOps or security engineeringExperience with high-throughput data processing systemsOur Interview ProcessInformational with a member from our Talent TeamHiring Manager InterviewTake-home problemInternal review of take-homeLive review of take-homeDebriefFinal Interview with FerossReferencesDecision/OfferWe know how important clarity is when looking for a new role, so we've put together a read-me about the Interview Process at Socket.Benefits: Our benefits are crafted to support you and your family, so you can take care of what matters most and thrive in and outside of work. We offer:Market competitive salary bandsMeaningful equity programComprehensive health benefits for you and your family (99% coverage)Flexible time-off, holidays, and winter shutdown to rest & rechargePaid parental leaveRemote-first, with quarterly team off-sites At Socket, wePursue Excellence: We set ourselves apart by consistently delivering work of exceptional quality and distinction.Move with urgency and focus: We prioritize swift, decisive action.Think rigorously: We care about being right and it often takes reasoning from first principles to get there. We value alternative perspectives and have constructive discussions.Trust and amplify: We overtrust, always assume good intent, and give specific feedback to help each other improve.Feel a strong sense of ownership: We wear many hats and feel a strong sense of overall ownership of the company and we're non-territorial regarding our nominal domains.Are customer obsessed: We relentlessly prioritize the needs of our customers, striving to exceed their expectations and delight them at every interaction.